Janmesh - Linux Documentation

Welcome to the place where things start. Here you'll find the beginner documentation, which should be read before the intermediate documentation.

Tutorial n°1: How to deploy a local Janmesh network between two computers from scratch

This tutorial has been updated and is now adapted for use with Ubuntu 18.04.

Objectives of this tutorial

The point of this tutorial is to interconnect computers through a wifi network, and to add olsrd routing plus an encryption and authentication layer with cjdns. This makes these machines part of the Janmesh meshlocal.

The addressing

We will use link-local addresses. This is sufficient for the scale of most urban areas, because this method allows about 65000 addresses, and most of the time one household will only need one address.
Interconnecting different network segments requires two dedicated interfaces, for example to operate a long-range link connecting two network segments, each with its own 65 000 available addresses.

On the scale of a city

On the scale of a big city, it is more complicated: we can cut the network into segments by neighbourhood or district, and every segment must have its own essid because the wifi coverage of the segments will overlap.
For example: append "Lyon 1er", "Lyon 2eme", "Lyon 3eme" to the essid for the areas of the city of Lyon.
Remember that the wifi network is just a layer. Janmesh actually uses cjdns, which is a higher-layer protocol that uses the wider address range of the IPv6 protocol to route packets between machines.

Step 0 : install required software

On each computer, enter the following command (Internet access is required):
$ sudo apt-get install olsrd ufw
This installs the olsrd dynamic routing daemon and the firewall manager ufw.

Step 1 : Mesh setup

Step 1.1 : create the wifi network

Setting up a network connection using network manager

Step 1.2 : Activate olsrd dynamic routing

olsrd allows every packet passing through the wifi network to take the best route, from computer to computer.
Edit the olsrd configuration file, /etc/olsrd.conf:
$ sudo nano /etc/olsrd.conf
Add a section:
Interface "wlan0" {
    Ip4Broadcast 255.255.255.255
}
(The name of your wifi interface will probably be "wlan0", but it can be different. For example, on our lab-testing machine "durandal" it was called wlan5. You can use iwconfig to find the name of your wifi interface if you're not sure of it (it should be wlan-something).)
Then launch the olsrd daemon in the background:
$ sudo olsrd

Step 3 : block any non-cjdns traffic and open the wifi

On each machine, we have to look in the cjdns configuration file to find which port it is using. You can open this file with the command:
$ sudo nano /etc/cjdroute.conf
The port number is on the line:
"your.external.ip.goes.here:65011": {
In this case, it is 65011. The number is randomly generated and won't be the same on your hardware. Write it down, we will need it!
Here we want to block all traffic on the wifi interface used by the mesh, except for the cjdns port (65011 in this case).
Replace this number in the following lines with your own cjdns port number.
The name of the wifi interface should be wlan0. If it's not, you can find the actual name with the command iwconfig.
ufw evaluates rules in the order they were added and applies the first one that matches, so add the allow rules for the cjdns port before the deny rules:
$ sudo ufw enable
$ sudo ufw allow in on wlan0 to any port 65011
$ sudo ufw allow out on wlan0 from any port 65011
$ sudo ufw deny in on wlan0
$ sudo ufw deny out on wlan0
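
The rule set of this step can be generated from the port recorded in cjdroute.conf instead of being typed by hand. The script below is an added example, not part of the original tutorial or of Janmesh's own scripts; the function names and the sample excerpt are made up for illustration. It validates the interface name and port, then prints the allow rules before the deny rules, because ufw applies the first matching rule.

```shell
#!/bin/sh
# Added example (not Janmesh project code): build the Step 3 ufw rule set
# from the port recorded in cjdroute.conf.

# Constructed excerpt standing in for /etc/cjdroute.conf (sample port).
sample_conf() {
    cat <<'EOF'
        // "your.external.ip.goes.here:65011": {
        //     "password": "placeholder"
EOF
}

# Read a cjdroute.conf on stdin and print the port from the
# "your.external.ip.goes.here:PORT" line (first match only).
cjdns_port() {
    sed -n 's/.*"your\.external\.ip\.goes\.here:\([0-9][0-9]*\)".*/\1/p' |
        head -n 1
}

# Print the ufw commands for interface $1 and port $2.
# Allow rules come first: ufw stops at the first rule that matches.
mesh_rules() {
    iface=$1
    port=$2
    case $iface in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface name: $iface" >&2; return 1 ;;
    esac
    case $port in
        ''|*[!0-9]*|??????*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2
        return 1
    fi
    cat <<EOF
ufw allow in on $iface to any port $port
ufw allow out on $iface from any port $port
ufw deny in on $iface
ufw deny out on $iface
EOF
}

# Usage: sh mesh-rules.sh wlan0 /etc/cjdroute.conf
if [ "$#" -eq 2 ]; then
    mesh_rules "$1" "$(cjdns_port < "$2")"
fi
```

The script only prints the commands, so they can be reviewed before being run with sudo.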

Configure a script to make the changes permanent

Note: this method uses upstart, the default service management system in Ubuntu 14.04. However, for the long-term support versions, systemd has been the default service manager since Ubuntu 16.04, and it is better to use it. THIS SECTION THEREFORE HAS TO BE UPDATED. Nevertheless, Ubuntu 18.04 still supports upstart, so the code provided remains useful.
In the folder /etc/init.d, create a text file named janmesh:
$ gksu gedit /etc/init.d/janmesh
And copy into it what follows:

Save and close.
In Ubuntu 16.04 and newer, you have to make the script executable:
$ sudo chmod +x /etc/init.d/janmesh

You can now start or stop the Janmesh connection with:
$ sudo /etc/init.d/janmesh start
and
$ sudo /etc/init.d/janmesh stop
The last step is to launch Janmesh at startup. Be careful: if Janmesh is the only connection of your machine and the machine can only be controlled remotely, this step is essential, because we blocked all traffic except the Janmesh (cjdns, higher CoOoOw stack level) one. You have to do this to get connectivity back after later reboots!
$ sudo update-rc.d janmesh defaults

And finally

HOWTO: Prevent some services on your computer from being accessible through Janmesh

Blocking a single port

Use this if you wish to block only one particular service.
Example for a mesh with one tun0 mesh interface up, on which we want to block access to a listening web server (port 80):
$ sudo ufw deny in on tun0 to any port 80

Whitelisting only the services you want open and blocking everything else

A much more secure approach is to block everything and allow only what is useful. For example, to allow a listening web server (port 80) and block everything else, for a mesh network operating on the tun0 interface (the allow rule is added first, because ufw applies the first rule that matches):
$ sudo ufw allow in on tun0 to any port 80
$ sudo ufw deny in on tun0

Licensing: this tutorial is placed under two licenses. Code is placed under the AGPLv3 license. Other text content here is licensed under the Creative Commons BY-SA 4.0 license. Authors: Shangri-l. Translators: Nomys. Translation proofreaders: Shangri-l.